TeamToast
Features
IntegrationsPricingCompareSign inGet Started Free

Privacy Policy

Last updated: February 8, 2026

1. Introduction

This Privacy Policy explains how Open Growth Group INC ("we", "us", "our") collects, uses, and protects your information when you use TeamToast.ai ("the Service"). This policy applies to all users of the Service, including workspace administrators and members.

2. Data We Collect

We collect the following categories of data:

  • Chat platform profile information: Your name, email address, and profile avatar, obtained through Slack OAuth, Microsoft Teams authentication, or Google Workspace authentication.
  • Workspace information: Your workspace or tenant name, domain, and identifier from Slack, Microsoft Teams, or Google Workspace.
  • Recognition content: Toast messages, award descriptions, feedback posts, and points transactions you create through the Service.
  • Usage data: Information about how you interact with the Service, including features used and actions taken. When you consent to analytics cookies, we also collect page views, feature interactions, and session recordings (with password fields masked) through PostHog.
  • Technical data: IP address, browser type, device information, and access timestamps collected automatically when you use the Service. When analytics cookies are enabled, this data may also be shared with Google Analytics for aggregate usage analysis.
  • Payment data: Billing information is processed by Stripe. We do not store your credit card number or full payment details on our servers. We receive only a confirmation of payment status and a reference to your Stripe customer account.

3. How We Use Your Data

We use the data we collect to:

  • Provide and operate the Service, including authenticating users, processing toasts and awards, and displaying leaderboards.
  • Send notifications related to recognition activity in your workspace (e.g., when you receive a toast).
  • Process payments and manage subscriptions through Stripe.
  • Improve the Service based on usage patterns and feedback.
  • Respond to support requests and communicate with you about your account.
  • Comply with legal obligations.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on the following legal grounds:

  • Consent: When you authorize TeamToast through Slack OAuth, Microsoft Teams authentication, or Google Workspace authentication, you consent to our collection and use of your profile and workspace data.
  • Contract performance: Processing is necessary to provide the Service you signed up for.
  • Legitimate interests: We process data to improve the Service, ensure security, and prevent abuse, where these interests are not overridden by your rights.
  • Consent (analytics): When you accept analytics cookies through our cookie consent banner, you consent to our collection of usage analytics via PostHog and Google Analytics. You can withdraw this consent at any time through the cookie settings in our website footer.

5. Data Sharing & Third Parties

We share your data with the following third parties:

  • Slack: We integrate with Slack to authenticate users, read workspace data, and send notifications. Slack's use of your data is governed by Slack's Privacy Policy.
  • Microsoft Teams: We integrate with Microsoft Teams via the Bot Framework and Microsoft Graph API to authenticate users, read team and channel data, and send notifications. Microsoft's use of your data is governed by Microsoft's Privacy Statement.
  • Google Chat: We integrate with Google Chat and Google Workspace to authenticate users, read space and user data, and send notifications. Google's use of your data is governed by Google's Privacy Policy.
  • Stripe: We use Stripe to process payments. Stripe's handling of your payment data is governed by Stripe's Privacy Policy.
  • Hosting providers: We use cloud infrastructure providers to host the Service. Your data may be stored on their servers.
  • PostHog: When you consent to analytics cookies, we use PostHog for product analytics and session recording. PostHog's use of your data is governed by PostHog's Privacy Policy.
  • Google Analytics: When you consent to analytics cookies, we use Google Analytics 4 for aggregate usage analysis. Google's handling of analytics data is governed by Google's Privacy Policy.

We do not sell your personal data to anyone. We may disclose your data if required by law, regulation, or legal process.

6. Cookies & Tracking Technologies

TeamToast uses cookies and similar technologies, organized into three categories:

Essential cookies are required for the Service to function and are always active. These include:

  • Authentication token: To keep you signed in.
  • Session data: To maintain your session state.

Functional cookies remember your preferences, such as sidebar layout. These are optional and can be disabled.

Analytics cookies help us understand how you use the Service so we can improve it. When you consent to analytics cookies, we use:

  • PostHog for product analytics, event tracking, and session recording. Session recordings mask all password fields. PostHog processes data in accordance with PostHog's Privacy Policy.
  • Google Analytics 4 for aggregate page view and usage analysis. Google processes data in accordance with Google's Privacy Policy.

When you first visit our website, a cookie consent banner allows you to accept all cookies, reject non-essential cookies, or customize your preferences for each category. Your choice is stored locally on your device. Analytics cookies are never set without your explicit consent.

You can change your cookie preferences at any time by clicking the "Cookie Settings" link in our website footer. We do not use advertising or marketing cookies.

7. Data Retention

We retain your data for as long as your workspace account is active and the Service is in use. If a workspace administrator disconnects their workspace from TeamToast, we will delete all associated workspace data within 30 days, unless retention is required by law.

8. Your Rights (GDPR)

If you are in the EEA, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data.
  • Portability: Request your data in a machine-readable format.
  • Restrict processing: Request that we limit how we use your data.
  • Withdraw consent: You can revoke TeamToast access at any time through your chat platform's workspace or admin settings.

To exercise any of these rights, contact us at [email protected].

9. Your Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know: Request what personal information we collect and how we use it.
  • Right to access: Request a copy of your personal information.
  • Right to delete: Request deletion of your personal information.
  • Right to opt-out of sale: We do not sell personal information.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

10. Data Security

We take reasonable measures to protect your data, including:

  • Encryption in transit using TLS for all connections to the Service.
  • Access controls to limit who within our organization can access your data.
  • Stripe PCI DSS compliance for all payment processing.

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Transfers

Your data is stored and processed in the United States. If you are accessing the Service from outside the US, your data will be transferred to the US. For users in the EEA, we rely on Standard Contractual Clauses or other appropriate safeguards to ensure your data is protected in accordance with GDPR requirements.

12. Children's Privacy

TeamToast is designed for workplace use and is not directed at children under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 13, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

14. Contact

If you have questions about this Privacy Policy or your data, contact us at [email protected].

TeamToast

Employee recognition that fits your budget.

Product

  • Features
  • Toast Wall
  • Pulse Surveys
  • Badges & Streaks
  • Integrations
  • Pricing
  • Compare

Compare

  • vs Bonusly
  • vs Nectar
  • vs Kudos
  • vs HeyTaco
  • vs Achievers

Company

  • About
  • Terms
  • Privacy
  • Support
  • Glossary
  • Sitemap
  • Contact

Connect

  • Twitter
  • LinkedIn
  • GitHub
© 2026 TeamToast. All rights reserved.